5. Use Data Loss Prevention to help prevent data breaches -- Implement a DLP solution to discover sensitive data, monitor its use and protect it from loss. Data loss prevention should be implemented to monitor the flow of data as it leaves the organization and to monitor the copying of sensitive data to external devices or Web sites. DLP can identify and block suspicious copying or downloading of sensitive data.

6. Implement a removable media policy -- Where practical, restrict unauthorized devices such as external portable hard drives and other removable media. Such devices can introduce malware and facilitate intellectual property breaches. If external media devices are permitted, automatically scan them for viruses upon connection to the network and use a DLP solution to monitor and restrict the copying of confidential data to unencrypted external storage devices.

8. Aggressively update, patch and migrate from outdated and insecure browsers, applications and browser plug-ins to the latest available versions using automatic update mechanisms. Wherever possible, automate patch deployments to maintain protection against vulnerabilities across the organization.

9. Enforce an effective password policy -- Ensure passwords are at least eight to 10 characters long and include a mixture of letters and numbers. Encourage users to avoid re-using the same passwords on multiple Web sites, and sharing passwords with others. Passwords should be changed at least every 90 days. Avoid writing down passwords.

10. Restrict e-mail attachments -- Configure mail servers to block or remove e-mail that contains file attachments that are commonly used to spread viruses, such as .VBS, .BAT, .EXE, .PIF, and .SCR files. Organizations should investigate policies for .PDFs that are included as e-mail attachments.

11. Ensure that proper infection and incident response procedures are in place -- Keep security vendor contact information, know whom to call, and what steps to take if one or more systems are infected.

12. Educate users about new threats -- Don't open attachments unless they are expected and from a trusted source and don't execute software downloaded from the Internet unless the download has been scanned for viruses. Be cautious when clicking on URLs in e-mails or social media programs. Deploy Web browser URL reputation plug-in solutions that display the reputation of websites from searches.

Source: Symantec. The full July 2011 report is available at: SYMCINT_2011_07_July_FINAL-EN.pdf
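
The attachment rule in item 10 can be sketched as a small filter. This is an added example, not part of the Symantec report or any mail product: the function names and the sample message are constructed for illustration. It checks only the extensions item 10 names and decides on the final extension after normalising case and trailing dots.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions named in item 10 of the list above.
BLOCKED = {".vbs", ".bat", ".exe", ".pif", ".scr"}

def blocked_attachments(raw: bytes) -> list[str]:
    """Return the filenames of MIME parts that end in a blocked extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # get_filename() reads the Content-Disposition "filename" parameter
        # and falls back to the Content-Type "name" parameter.
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so "update.scr." is
        # still treated as a .scr file; strip them before comparing.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the last extension decides how the file is opened, which
        # catches double extensions such as "invoice.pdf.EXE".
        dot = cleaned.rfind(".")
        if dot != -1 and cleaned[dot:] in BLOCKED:
            hits.append(name)
    return hits

def constructed_sample() -> bytes:
    """Constructed message; addresses and filenames are made up."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    for fname in ("report.pdf", "invoice.pdf.EXE", "update.scr.", "notes.txt"):
        msg.add_attachment(b"x", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    # A gateway would reject or strip the parts listed here.
    print(blocked_attachments(constructed_sample()))
```

A name-based check like this does not inspect file contents, so a renamed executable or one inside an archive passes through; it complements, rather than replaces, content scanning at the gateway.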

About this Report

This report was commissioned by the Content Solutions unit, an independent editorial arm of 1105 Government Information Group. Specific topics are chosen in response to interest from the vendor community; however, sponsors are not guaranteed content contribution or review of content before publication. For more information about 1105 Government Information Group Content Solutions, please email us at GIGCustomMedia@1105govinfo.com.